-rw-r--r-- | architecture.mdwn | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/architecture.mdwn b/architecture.mdwn index 57f4fc3..5d6f07c 100644 --- a/architecture.mdwn +++ b/architecture.mdwn @@ -51,7 +51,9 @@ End-users are authenticated using the [OpenID Connect][] protocol, specifically the authorization code flow. In this flow, Qvisqve provides cryptographically signed access tokens, which identify the user and specify a list of things the user may do. The signature -guarantees the token comes from Qvisqve. +guarantees the token comes from Qvisqve. To prevent the access token +from leaking to the browser, effiweb keeps the token, and also manages +user sessions. Non-interactive API clients are authenticated using the [OAuth2][] protocol, specifically using client credential grants. This also |
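Review bot: The added sentence "effiweb keeps the token, and also manages user sessions" says the access token stays out of the browser, but not what the browser holds in its place or how a session is tied to the stored token. The session identifier now stands in for the access token, so the document should state how it is delivered to the browser and protected, where effiweb keeps the token, and what happens to the session when the token expires. It would also help to say that in the authorization code flow only the authorization code passes through the browser, so "leaking to the browser" is read as applying to the token alone.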